Directory: /pentest/sniffers/darkstat
darkstat is a network sniffer that collects usage statistics as a background process and shows them on a web interface. By default it binds to port 667.
Usage:
The most basic run, which is probably enough most of the time:
./darkstat -i eth0
On Backtrack (and Ubuntu) this will throw an error:
14359: error: getaddrinfo(NULL,667) failed: Name or service not known: Device or resource busy
There is a workaround: we can bind the server to 0.0.0.0 (all interfaces), and then it will work:
./darkstat -b 0.0.0.0 -i eth0
Some other useful options:
-p - bind to a specific port
-r file - open a pcap file, and make stats from that
--syslog - log to a syslog server
--no-macs - do not collect MAC address information
After that, open a web browser and navigate to localhost:667. There are two tabs, graphs and hosts. The graphs tab shows usage stats for the last minute, hour, day and month. The hosts tab shows stats for visited sites, which can be sorted by incoming, outgoing and total packets, and by last seen time.
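
Because the -b 0.0.0.0 workaround makes the web interface listen on every interface, it is worth checking how port 667 is actually bound. The following is an added example, not part of the original post: it classifies a listener from `ss -ltn` output. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a TCP listener on a port is bound.
# Reads `ss -ltn` output on stdin and prints one of:
#   exposed (wildcard bind), specific:<addr>, loopback, none

listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            local_addr = $4                 # e.g. 0.0.0.0:667, [::]:667, *:667
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next      # last colon-separated field is the port
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            sub(/%.*/, "", addr)            # drop an interface scope such as %eth0
            sub(/^\[/, "", addr)            # drop IPv6 brackets
            sub(/\]$/, "", addr)
            if (addr == "0.0.0.0" || addr == "*" || addr == "::")
                scope = "exposed"
            else if (addr ~ /^127\./ || addr == "::1") {
                if (scope == "") scope = "loopback"
            } else if (scope != "exposed")
                scope = "specific:" addr
        }
        END { print (scope == "" ? "none" : scope) }
    '
}

# Constructed sample of `ss -ltn` output after starting darkstat with
# -b 0.0.0.0 (hypothetical host, not captured from a real system).
sample_wildcard() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      128    0.0.0.0:667        0.0.0.0:*
EOF
}

# Run against the constructed sample; on a live host use:
#   ss -ltn | listener_scope 667
sample_wildcard | listener_scope 667
```

A result of "exposed" means the statistics pages are reachable from any network the host is attached to; binding with -b 127.0.0.1 instead should report "loopback".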